NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.
Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Kelley L. Dempsey, Victoria Yan Pillitteri, Andrew Regenscheid
Abstract
An organization often has mission and business-based needs to exchange (share) information with one or more other internal or external organizations via various information exchange channels. However, it is recognized that the information being exchanged also requires the same or similar level of protection as it moves from one organization to another (protection commensurate with risk). This publication focuses on managing the protection of the information being exchanged or accessed before, during, and after the exchange, and provides guidance on identifying information exchanges, considerations for protecting exchanged information, and the agreement(s) needed to help manage the risk associated with exchanging information. This publication does not provide implementation guidance on any particular type of technology-basd connection or information access or exchange method. Organizations are expected to tailor the guidance to meet specific organizational needs and requirements regarding the information exchange.
agreements, connection, information exchange, information exchange agreement, interconnection, interconnection security agreement, memoranda of agreement, memoranda of understanding, nondisclosure agreement, protection requirements, risk management, service level agreement, user agreement.
Dempsey, K.
, Pillitteri, V.
and Regenscheid, A.
(2021),
Managing the Security of Information Exchanges, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-47r1, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932582
(Accessed October 1, 2025)